ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Legal Ai Counsel

v1.0.0

法律AI助手 - An intelligent legal consultation assistant that helps users understand legal concepts, analyze legal scenarios, and prepare for legal matters. Use...

0· 70·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (legal AI counsel for Chinese civil/labor scenarios) match the implemented features: contract risk scanning, litigation-fee calc, labor-compensation estimates, and document skeleton generation. No declared credentials, binaries, or unrelated dependencies are present.
Instruction Scope
SKILL.md instructions are scoped to legal explanation, scenario analysis, and document skeletons. It explicitly includes a privacy note and disclaimer. One mismatch to flag: the SKILL.md suggests 'reference applicable laws and regulations' but there is no obvious source/authority or network fetch in the visible code—either the model will rely on its internal knowledge or the truncated part could add external lookups. Also the templates/requested fields prompt users to supply PII (names, ID numbers); SKILL.md warns users to avoid sharing sensitive personal identification, but users may be encouraged to paste such data to get tailored output.
Install Mechanism
No install spec is provided (instruction-only + handler.py). This is the lowest-risk install mechanism because nothing is automatically downloaded or written during install.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That is proportionate for a local analysis/generation tool.
Persistence & Privilege
Skill flags show no 'always: true' and default agent invocation settings; the skill does not request permanent platform-wide privileges in the metadata. Nothing indicates it attempts to modify other skills or system settings.
What to consider before installing
The skill appears coherent with its stated purpose and contains only local text-processing features in the visible code, but part of handler.py was truncated in the provided content so you should: 1) review the entire handler.py yourself (or ask the publisher for the full source) to confirm there are no network requests, hidden endpoints, or file writes; 2) avoid pasting full personal identifiers (ID numbers, bank details, full addresses) into the skill — use redacted examples when testing; 3) prefer skills with a known author/homepage or an open-source repository so you can audit the code; 4) treat outputs as informational only (the skill itself warns it is not legal advice) and consult a licensed attorney for real cases; and 5) run the skill in a sandbox or isolated environment if you plan to test with real documents until you confirm there are no external calls or data exfiltration paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk97360338ty2vtdg1ze4sbg8bh83t77e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments